Wednesday, February 13, 2013

In a $50 million class action lawsuit, plaintiffs claim a hospital was negligent, breached fiduciary duty and violated several laws, including HIPAA, when a former hospital worker stole their personal information and allegedly opened fake credit accounts.

Identity theft at hospitals often reveals how patient information can be stolen to commit fraud. But experts, such as Brian Evans, of Tom WalshConsulting, agree preventive measures are needed.

"Unauthorized access has been a common problem in every healthcare organization I've worked in...Without proper auditing in place, it's difficult to quantify the scope of employees taking advantage of privileges they have for non-work related purposes like snooping." - Brian Evans, Tom Walsh Consulting

Besides limiting employee access to patients' sensitive information, healthcare organizations can take other steps to prevent identity fraud involving insiders, says Brian Evans. That includes deploying monitoring and breach detection tools, as well as ramping up employee training.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.

"Written policies and procedures are enforced with a technical solution and unauthorized access is detected and addressed accordingly," Evans says. "More importantly, an organization's culture is changed because consistent and ongoing auditing and monitoring is established, which acts as a deterrent with disciplinary action as the outcome for those employees found in violation of policy."